<?php 
	$page_title = "Forgot Password";
	$email_address = $_POST['email'];    
	include 'errorTemplate.php'
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Patient Portal | Forgot Password</title>
</head>

<body>
				
<div class="clear"></div>

<br />

<center><img src="../assets/img/key.png" height="600%" top="20px" /></center>
				
<p align="center">&nbsp;</p>


<?php 
	include '../dashboard/db/db_Connect.php';

	$query = "SELECT * from members WHERE email_address='$email_address'";
	$result = mysql_query($query);

	if(mysql_num_rows($result) > 0) {
	
	// E-mail exists in database 
	$tempPasswd = generateRandomString();
	
		$passwdChange = "UPDATE members SET passwd='".SHA1($tempPasswd)."' WHERE email_address='$email_address'";
		$sql_passwd = mysql_query($passwdChange);	//user update executes
		
			if ($sql_passwd)  {
			// Password  update success			
				
				$to = $email_address;
				$subject = "Password Reset";
				$message = '<html><body>';
				$message = "Hello,
				
Your temporary password for Patient Portal is " . $tempPasswd . ".
Please login immediately and change your password. Patient Portal may be found at the following address: 
http://www.nd.edu/~ahuus/Patient-Portal/

From,
Patient Portal Administrator";
				$from = "admin@Patient-Portal.com";
				$headers = "From:" . $from;
				mail($to,$subject,$message,$headers);
							
				echo "<h1 align=\"center\" class=\"err\">Message Sent!<br />";
				echo "A temporary password has been e-mailed to you at " . $email_address;			
				
			} else {
			// Password failed to update
				echo "<h1 align=\"center\" class=\"err\">Uh Oh!<br />";
				echo "There was a problem updating your password";
			} 	
				
	
	} elseif (mysql_num_rows($result) == 0){
	// E-mail does not exist in database

		echo "<h1 align=\"center\" class=\"err\">Uh Oh!<br />";
		echo "The email address <i>" . $email_address . "</i> is not registered with Patient Portal <br />";
		echo "Please <a href=\"mailto:admin@Patient-Portal.com\">email</a> the system administrator to request an account";

	}

	include '../dashboard/db/db_Close.php';
	
	function generateRandomString($length = 10) {    
    return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
}
?>	 

 <p align="center"><a href="../index.php">Click here to Login </a></p>
</h1>
</body>
</html>